Re: [Snort-users] hardware setup for snort
This is a discussion on Re: [Snort-users] hardware setup for snort within the Snort forums, part of the System Security and Security Related category; What you're describing is an in-line setup: ISP -> Router -> Snort -> Firewall This is possible using ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-04-2004
|
|||
|
|||
Re: [Snort-users] hardware setup for snort
What you're describing is an in-line setup:
ISP -> Router -> Snort -> Firewall This is possible using the two-NIC configuration that you describe. And if you plan to deploy some type of active response, this setup is required, to allow Snort (or some add-on) to reset malicious connections. A less intrusive alternative, however, would be the use of a network tap, which is capable of relaying Firewall <-> Router traffic, while sending a copy to your sensor. There are a couple of advantages to using taps: - On a busy network, adding another routing device may affect performance. Taps, in general, introduce very little latency, if any. They're just relays. - If that routing device dies--and a server-based sensor is probably more likely to die than a dedicated routing appliance--you have to manage a hot-spare, or cut the sensor out of the loop to return to service. If the tap dies, network performance is uninterrupted--you lose some sensor data, but your network is up. ----- Original Message ----- From: Chris Scott <cscott@sge.com> Date: Wed, 04 Aug 2004 16:25:03 +1000 Subject: [Snort-users] hardware setup for snort To: snort-users@lists.sourceforge.net Just a question for the hardware requirements of a snort install. My internet connection plugs into a router through to a firewall then through to the internal network. With this setup could i put the snort box in between the router and the firewall? If so my understanding is that this would need two nic's in the snort box, is this how snort is supposed to be set up? thanks Chris ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
